Service packs have gone the way of the dodo. Gone are the days of ensuring our forensic toolkit has the required tools for evaluating a major and specific version of a Microsoft system. When Microsoft starting pushing out major creators updates, it appeared Microsoft was favoring a "semi-rolling" update model much like Linux distributions do regularly.
However, these are major updates. These updates are pushed quickly, and with features that can have direct impacts on both security for the user and have forensic implications. Although we trust that every single feature will be useful and many of which DO have a positive overall impact, they also could force a user to change daily activities outside the normal scope of operations.
I recall the still looming effects of the change in ShellBag forensics differences between Windows 7, 8 & 8.1. (32 bit & 64 bit) and Windows 10. I think more are on the horizon...
One of those features, as an example, was the loss of "homegroup" in the April 2018 creators update.
Many home users relied on this to exchange data across a home network, even insecurely by allowing these activities across public networks.
Microsoft's alternative to HomeGroup is to:
However, these are major updates. These updates are pushed quickly, and with features that can have direct impacts on both security for the user and have forensic implications. Although we trust that every single feature will be useful and many of which DO have a positive overall impact, they also could force a user to change daily activities outside the normal scope of operations.
I recall the still looming effects of the change in ShellBag forensics differences between Windows 7, 8 & 8.1. (32 bit & 64 bit) and Windows 10. I think more are on the horizon...
One of those features, as an example, was the loss of "homegroup" in the April 2018 creators update.
Many home users relied on this to exchange data across a home network, even insecurely by allowing these activities across public networks.
Microsoft's alternative to HomeGroup is to:
- Manually Map a Network Drive
- Use OneDrive
- Manually transfer files
All well and good, but now we have to consider the inevitable increased use of cloud storage (even if OneDrive isn't your "go-to").
That's just one example, but now we have increased the frequency of changes in other major Microsoft aspects. Some of the concerns I will be observing in upcoming investigations are:
- Increase emphasis on cloud-based security updates
- Cloud-based enterprise deployment
- Changes to Windows S mode - the usual mirroring of Chrome's secure web environment
- TimeCapsule (sound familiar!?!) Now we have MORE chances to find backups on the standard users desktop. Finally, since wear leveling and encryption is making this area hurt.
What aspects of these updates alter your investigation? Let me know!
Comments
Post a Comment